Is there a way to setup a hierarchical encryption using public key encryption?

Let's say a higher level user can decrypt messages encrypted by lower level users. Is that possible?
I guess it is only possible to do with hierarchical key management, like the higher level users have access to the lower level user's keys.

1 Answer
1

The Bresson-Catalano-Pointcheval scheme (link) is a sort of hybrid of the ElGamal and Paillier encryption schemes. The upper-level user knows the factorization of the modulus. The low-level user does not know the factorization of the modulus, but he does know the Diffie-Hellman contribution. The upper-level user can perform decryption using the prime factors of the modulus. The lower-level user can perform decryption using the secret Diffie-Hellman value. Two distinct lower-level users cannot decrypt each other's ciphertexts but the upper-level can decrypt everything.

Also, checkout BIP32 (link). This proposed scheme allows a user to generate a tree of secret keys and matching public keys. He can communicate the secret key of one particular branch to another user who will be able to decrypt all ciphertexts encrypted using public keys from that branch. However, this second user will not be able to decrypt ciphertexts from other branches. The original generator of the larger tree retains the ability to decrypt anything (as long as the message was encrypted using a public key from that tree).